[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Using LDAP for auth against LINUX
Hello all and a happy new year,
I'm in the process of changing our infrastructure from NIS to LDAP. In the past
NIS was hosted on a AlphaServer 1200 with Tru64UNIX that acted as an file
server. Since the storage is going to be exhausted and buying more hard disks
was not an option it was planned to buy a new server with plenty of storage.
The new server has arrived and got SuSE Linux Enterprise Server 10 installed
(there was no option to choose an other OS :-( . It will serve Windows Clients
(NT, W2k, XP, ..) via Samba and Unix-Systems (Tru64, NetBSD, Linux, ..) via NFS.
Samba is configured as a PDC. Users are kept in LDAP so that password
syncronisation can easily be achieved. This setup works as expected.
Now, I have to adapt all the other systems to the new infrastructure. The most
urgend task is to switch the mail server to the new setup. The mail server is a
AlphaStation 255/300 with NetBSD-3.0.
$ > uname -a
NetBSD host 3.0 NetBSD 3.0 (GENERIC) #0
Since the change is in progress this server uses the old NIS databases to auth
users. But in the near future I have to switch to LDAP. The old NIS databases
are to be switched off.
So I installed the missing bits for LDAP, namely
LDAP was configured with
The entries i added are
Using ldapsearch I can perfectly query the LDAP database and get the user
After verify the LDAP setup working ok I went ahead with configuring NSS and
PAM. This is where I'm now and stuck, since I can't get that to work as
In order not to break the current setup I left NIS as is (there shouldn't be any
problem using both NIS and LDAP, however). The pam_ldap.so was linked from
/usr/pkg/lib/security to /usr/lib/security. To get the configuration working I
used the HowTo from http://wiki.netbsd.se/OpenLDAP_Authentication_on_NetBSD
nsswitch.conf got the ldap entries added
group: files nis ldap
passwd: files nis ldap
and /etc/pam.d/system was populated with ldap entries
auth sufficient pam_ldap.so
auth sufficient pam_krb5.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
account sufficient pam_ldap.so
account required pam_krb5.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_lastlog.so no_fail no_nested
password sufficient pam_ldap.so
password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
I created /usr/pkg/etc/nss_ldap.conf and sym linked pam_ldap.conf to this file.
I do have a user entry in LDAP that does not exist in NIS. But whatever I try I
can't get getent(1) to produce output for this user (although NIS works ok for
Up to now I haven't made any step further.
What am I missing? Please feel free to ask for config data I have not provided
in this mail. I think LDAP isn't the problem since ldapsearch produces correct
Any hints are very much appreciated.
fon: (+49 351) 462 2780
fax: (+49 351) 462 3476
parcels: Gutzkowstr. 22, 01069 Dresden
letters: PF 12 07 01, 01008 Dresden
Hochschule für Technik und Wirtschaft Dresden (FH)
Friedrich-List-Platz 1, 01069 Dresden
Main Index |
Thread Index |